todoist-automation
Pass
Audited by Gen Agent Trust Hub on Mar 5, 2026
Risk Level: SAFEPROMPT_INJECTIONEXTERNAL_DOWNLOADS
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection by processing external data from Todoist. Ingestion points: The skill reads task content, descriptions, and project names through tools like TODOIST_GET_ALL_TASKS and TODOIST_GET_TASK. Boundary markers: There are no defined delimiters or instructions provided to the agent to treat data retrieved from Todoist as untrusted or to ignore embedded instructions. Capability inventory: The skill allows for significant modifications to the user account, including creating, updating, and permanently deleting tasks, sections, and projects (e.g., TODOIST_DELETE_TASK, TODOIST_DELETE_SECTION). Sanitization: No input validation or sanitization of retrieved data is mentioned.
- [EXTERNAL_DOWNLOADS]: The skill instructs users to add an external MCP server at https://rube.app/mcp. This domain is not included in the trusted vendors list and represents a third-party dependency for the skill's core functionality.
Audit Metadata